Hackers drawn to portable devices

Updated
October 20, 2012 09:19:00

A surge in the number of applications and portable devices used on computer networks could be creating new opportunities for hackers. The head of one of the world's biggest network security companies says the use of personally owned devices like mobiles and tablets on corporate and government systems could even open the door to cyber terrorists.

ELIZABETH JACKSON: A surge in the number of applications and portable devices used on computer networks could be creating new opportunities for hackers.

The head of one of the world's biggest network security companies says the use of personally owned devices like mobiles and tablets on corporate and government systems could even open the door to cyber terrorists.

Mark McLaughlin, of the Palo Alto group in California, and a member of president Obama's national security telecommunications committee, spoke in Sydney with our business editor, Peter Ryan.

MARK MCLAUGHLIN: From a cyber security perspective, it's just the explosion of applications that are now traversing enterprise networks and likely to increase overtime.

And those applications have the capability of bringing threats into the network.

PETER RYAN: So you're talking about social media applications - Facebook, Twitter - that are now standard items on computer screens in just about every office.

MARK MCLAUGHLIN: That's part of it, a big part of it.

So if you think about a lot of the macro technology trends we've seen in the last few years - cloud computing, social media, consumerisation of IT.

And people are bringing in their own devices, they're accessing them from the office. And one of the aspects of consumerisation of IT which is the total blurring of the line of what's personal and what is corporate any longer.

So when folks are using their own devices and are accessing they're corporate network with their own devices, whatever they were doing at home or wherever they were is now going to be on your network unless you have a really good way of seeing everything that's on the device and the traffic.

PETER RYAN: So those social media applications are here to stay, but there are some very big risks when it comes to security?

MARK MCLAUGHLIN: Yeah, I think social media applications are here to stay because people are using them, right? And no matter what you're trying to do from a security perspective, folks are going to use those applications.

And a lot of those application developers know how to circumvent network security. They're not malicious, they just know that the users want to use them and they want the users to use them.

So if you're using traditional network security technology which was developed 15, 20 years ago when there was really only two applications on your network - email and web browsing - you have a problem, because now you have a 1,000 on your network.

PETER RYAN: So given the streaming, video, audio, pictures, data, voice messages that come through social media, can they contain malicious software, malware?

MARK MCLAUGHLIN: Yes, very easy to do that.

And again, you may not even know it's occurring. So the bad guys can tunnel really bad things inside of an application. So unless you cans see at a very granular detail the application and the content packet by packet, you really don't know what's on your network.

PETER RYAN: So this is more than just a computer bug, these are a type of malicious viruses that could even bring power grids or infrastructure to a halt?

MARK MCLAUGHLIN: They could be very powerful. And the issue is you have a combination of two things, right: you have the explosion of these applications, which -think of those as delivery vehicles into an enterprise network on which the bad guys can ride in to the network. At the same time you have incredible increase in sophistication of the attackers.

So attacks today tend to be very, very targeted.

PETER RYAN: So when you talk about "the bad guys", are you talking about organised criminals or the mafia?

MARK MCLAUGHLIN: It could be all of the above.

So, I mean, the ones that get most of the attention today are state-sponsored attacks or organised crime-funded attacks.

The unfortunate reality is that there's a lot of money involved in cyber secrets. So wherever the money is, that's where the bad guys, whoever they are, go.